Release date:
Updated on:
Affected Systems:
Opera Software Opera Web Browser 12.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56594
Opera is a browser from Norway that features fast speed, saving system resources, strong customization ability, high security, and small size. It is one of the most popular browsers.
Opera Web Browser 12.11 and earlier versions have the heap buffer overflow vulnerability and Information Leakage vulnerability. After successful exploitation, arbitrary code can be executed in affected applications.
1) errors during HTTP Response processing can be exploited to cause heap buffer overflow.
2) when processing the error page, the error can be identified as a local file.
<* Source: vendor
Link: http://secunia.com/advisories/51331/
Http://www.opera.com/support/kb/view/1037/
Http://www.opera.com/support/kb/view/1036/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Opera Software
--------------
Update to: 12.11:
1037: Advisory: Error pages can be used to guess local file paths Severity
Link: http://www.opera.com/download/